Security News > 2022 > August > CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center instances.
"A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group," CISA notes in its advisory.
Depending on the page restrictions and the information a company has in Confluence, successful exploitation of the shortcoming could lead to the disclosure of sensitive information.
Although the bug was addressed by the Atlassian software company last week in versions 2.7.38 and 3.0.5, it has since come under active exploitation, cybersecurity firm Rapid7 disclosed this week.
"The good news is that the vulnerability is in the Questions for Confluence app and not in Confluence itself, which reduces the attack surface significantly."
News URL
https://thehackernews.com/2022/07/cisa-warns-of-atlassian-confluence-hard.html
Related news
- CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- CISA flags Craft CMS code injection flaw as exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-20 | CVE-2022-26138 | Use of Hard-coded Credentials vulnerability in Atlassian Questions for Confluence 2.7.34/2.7.35/3.0.2 The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. | 9.8 |